Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package kubeseal for openSUSE:Factory
checked in at 2025-08-21 16:56:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kubeseal (Old)
and /work/SRC/openSUSE:Factory/.kubeseal.new.29662 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeseal"
Thu Aug 21 16:56:57 2025 rev:39 rq:1300527 version:0.31.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/kubeseal/kubeseal.changes 2025-06-13
18:46:09.392560766 +0200
+++ /work/SRC/openSUSE:Factory/.kubeseal.new.29662/kubeseal.changes
2025-08-21 16:56:58.916078991 +0200
@@ -1,0 +2,27 @@
+Wed Aug 20 12:57:28 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 0.31.0:
+ * Update release notes for v0.31.0 (#1772)
+ * Simplify VIB helm chart validation (#1771)
+ * Bump VIB action version and updates the service URL (#1770)
+ * helm: add watch for secrets (#1758)
+ * fix: metrics cleanup for deleted SealedSecrets (#1764)
+ * Bump golang version to latest available one for 1.24 (#1769)
+ * Bump k8s.io/client-go from 0.33.2 to 0.33.3 (#1761)
+ * Bump github.com/spf13/pflag from 1.0.6 to 1.0.7 (#1765)
+ * Bump golang.org/x/crypto from 0.40.0 to 0.41.0 (#1768)
+ * Bump k8s.io/api from 0.33.2 to 0.33.3 (#1766)
+ * Bump github.com/prometheus/client_golang from 1.22.0 to 1.23.0
+ (#1767)
+ * Bump k8s.io/code-generator from 0.33.2 to 0.33.3 (#1759)
+ * Bump github.com/onsi/gomega from 1.37.0 to 1.38.0 (#1760)
+ * Fix keyrenewperiod template chart (#1756)
+ * Fix namespace validation to prevent mismatch errors (#1754)
+ * Bump golang.org/x/crypto from 0.39.0 to 0.40.0 (#1755)
+ * Bump k8s.io/code-generator from 0.33.1 to 0.33.2 (#1752)
+ * Bump k8s.io/client-go from 0.33.1 to 0.33.2 (#1749)
+ * add watch for secrets (#1737)
+ * Release carvel package 2.17.3 (#1746)
+ * Release chart 2.17.3 (#1745)
+
+-------------------------------------------------------------------
Old:
----
kubeseal-0.30.0.obscpio
New:
----
kubeseal-0.31.0.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kubeseal.spec ++++++
--- /var/tmp/diff_new_pack.wf3Pbe/_old 2025-08-21 16:57:00.064126822 +0200
+++ /var/tmp/diff_new_pack.wf3Pbe/_new 2025-08-21 16:57:00.068126988 +0200
@@ -1,7 +1,7 @@
#
# spec file for package kubeseal
#
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: kubeseal
-Version: 0.30.0
+Version: 0.31.0
Release: 0
Summary: CLI for encrypting secrets to SealedSecrets
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.wf3Pbe/_old 2025-08-21 16:57:00.096128156 +0200
+++ /var/tmp/diff_new_pack.wf3Pbe/_new 2025-08-21 16:57:00.100128322 +0200
@@ -3,7 +3,7 @@
<param name="url">https://github.com/bitnami-labs/sealed-secrets</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.30.0</param>
+ <param name="revision">v0.31.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.wf3Pbe/_old 2025-08-21 16:57:00.120129155 +0200
+++ /var/tmp/diff_new_pack.wf3Pbe/_new 2025-08-21 16:57:00.124129322 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/bitnami-labs/sealed-secrets</param>
- <param
name="changesrevision">6e0beae85afcd1e981b4b56f22399ded6cbe6a88</param></service></servicedata>
+ <param
name="changesrevision">443107a1fd256cb9e2ff3a3290aa79d722f840ee</param></service></servicedata>
(No newline at EOF)
++++++ kubeseal-0.30.0.obscpio -> kubeseal-0.31.0.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubeseal-0.30.0/.vib/vib-platform-verify-skip-recreate.json
new/kubeseal-0.31.0/.vib/vib-platform-verify-skip-recreate.json
--- old/kubeseal-0.30.0/.vib/vib-platform-verify-skip-recreate.json
2025-06-12 10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/.vib/vib-platform-verify-skip-recreate.json
1970-01-01 01:00:00.000000000 +0100
@@ -1,37 +0,0 @@
-{
- "phases": {
- "package": {
- "context": {
- "resources": {
- "url": "{SHA_ARCHIVE}",
- "path": "/helm/sealed-secrets"
- }
- },
- "actions": [
- {
- "action_id": "helm-package"
- }
- ]
- },
- "verify": {
- "context": {
- "resources": {
- "url": "{SHA_ARCHIVE}",
- "path": "/.vib/"
- },
- "runtime_parameters":
"IyMgQ3JlYXRlIFNlYWxlZCBTZWNyZXRzIGNvbnRyb2xsZXIgc2hvdWxkIGJlIGNyZWF0ZWQKY3JlYXRlQ29udHJvbGxlcjogdHJ1ZQojIyBTZWNyZXQgY29udGFpbmluZyB0aGUga2V5IHVzZWQgdG8gZW5jcnlwdCBzZWNyZXRzCnNlY3JldE5hbWU6ICJzZWFsZWQtc2VjcmV0cy1rZXkiCiMjIFJlbmV3IGtleXMgZXZlcnkgd2VlawprZXlyZW5ld3BlcmlvZDogIjE2OGgiCiMgU2tpcCBzZWNyZXQgcmVjcmVhdGlvbgpza2lwUmVjcmVhdGU6IHRydWUKc2VydmljZToKICB0eXBlOiBMb2FkQmFsYW5jZXIKICBwb3J0OiA4MAo=",
- "target_platform": {
- "target_platform_id": "{TARGET_PLATFORM}"
- }
- },
- "actions": [
- {
- "action_id": "health-check",
- "params": {
- "endpoint": "lb-sealed-secrets-http"
- }
- }
- ]
- }
- }
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/.vib/vib-platform-verify.json
new/kubeseal-0.31.0/.vib/vib-platform-verify.json
--- old/kubeseal-0.30.0/.vib/vib-platform-verify.json 2025-06-12
10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/.vib/vib-platform-verify.json 1970-01-01
01:00:00.000000000 +0100
@@ -1,37 +0,0 @@
-{
- "phases": {
- "package": {
- "context": {
- "resources": {
- "url": "{SHA_ARCHIVE}",
- "path": "/helm/sealed-secrets"
- }
- },
- "actions": [
- {
- "action_id": "helm-package"
- }
- ]
- },
- "verify": {
- "context": {
- "resources": {
- "url": "{SHA_ARCHIVE}",
- "path": "/.vib/"
- },
- "runtime_parameters":
"IyMgQ3JlYXRlIFNlYWxlZCBTZWNyZXRzIGNvbnRyb2xsZXIgc2hvdWxkIGJlIGNyZWF0ZWQKY3JlYXRlQ29udHJvbGxlcjogdHJ1ZQojIyBTZWNyZXQgY29udGFpbmluZyB0aGUga2V5IHVzZWQgdG8gZW5jcnlwdCBzZWNyZXRzCnNlY3JldE5hbWU6ICJzZWFsZWQtc2VjcmV0cy1rZXkiCiMjIFJlbmV3IGtleXMgZXZlcnkgd2VlawprZXlyZW5ld3BlcmlvZDogIjE2OGgiCnNlcnZpY2U6CiAgdHlwZTogTG9hZEJhbGFuY2VyCiAgcG9ydDogODAK",
- "target_platform": {
- "target_platform_id": "{TARGET_PLATFORM}"
- }
- },
- "actions": [
- {
- "action_id": "health-check",
- "params": {
- "endpoint": "lb-sealed-secrets-http"
- }
- }
- ]
- }
- }
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/RELEASE-NOTES.md
new/kubeseal-0.31.0/RELEASE-NOTES.md
--- old/kubeseal-0.30.0/RELEASE-NOTES.md 2025-06-12 10:37:26.000000000
+0200
+++ new/kubeseal-0.31.0/RELEASE-NOTES.md 2025-08-14 16:26:26.000000000
+0200
@@ -4,6 +4,25 @@
[](https://github.com/bitnami-labs/sealed-secrets/releases/latest)
+## v0.31.0
+
+- Helm: add watch for secrets
([#1758](https://github.com/bitnami-labs/sealed-secrets/pull/1758))
+- Simplify VIB helm chart validation
([#1771](https://github.com/bitnami-labs/sealed-secrets/pull/1771))
+- Fix: metrics cleanup for deleted SealedSecrets
([#1764](https://github.com/bitnami-labs/sealed-secrets/pull/1764))
+- Fix keyrenewperiod template chart
([#1756](https://github.com/bitnami-labs/sealed-secrets/pull/1756))
+- Fix namespace validation to prevent mismatch errors
([#1754](https://github.com/bitnami-labs/sealed-secrets/pull/1754))
+- Bump VIB action version and updates the service URL
([#1770](https://github.com/bitnami-labs/sealed-secrets/pull/1770))
+- Bump golang version to latest available one for 1.24
([#1769](https://github.com/bitnami-labs/sealed-secrets/pull/1769))
+- Bump golang.org/x/crypto from 0.40.0 to 0.41.0
([#1768](https://github.com/bitnami-labs/sealed-secrets/pull/1768))
+- Bump github.com/prometheus/client_golang from 1.22.0 to 1.23.0
([#1767](https://github.com/bitnami-labs/sealed-secrets/pull/1767))
+- Bump k8s.io/api from 0.33.2 to 0.33.3
([#1766](https://github.com/bitnami-labs/sealed-secrets/pull/1766))
+- Bump github.com/spf13/pflag from 1.0.6 to 1.0.7
([#1765](https://github.com/bitnami-labs/sealed-secrets/pull/1765))
+- Bump k8s.io/client-go from 0.33.2 to 0.33.3
([#1761](https://github.com/bitnami-labs/sealed-secrets/pull/1761))
+- Bump github.com/onsi/gomega from 1.37.0 to 1.38.0
([#1760](https://github.com/bitnami-labs/sealed-secrets/pull/1760))
+- Bump k8s.io/code-generator from 0.33.2 to 0.33.3
([#1759](https://github.com/bitnami-labs/sealed-secrets/pull/1759))
+- Bump golang.org/x/crypto from 0.39.0 to 0.40.0
([#1755](https://github.com/bitnami-labs/sealed-secrets/pull/1755))
+- Bump k8s.io/code-generator from 0.33.1 to 0.33.2
([#1752](https://github.com/bitnami-labs/sealed-secrets/pull/1752))
+
## v0.30.0
- Bump golang to 1.24.4
([#1743](https://github.com/bitnami-labs/sealed-secrets/pull/1743))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/carvel/package.yaml
new/kubeseal-0.31.0/carvel/package.yaml
--- old/kubeseal-0.30.0/carvel/package.yaml 2025-06-12 10:37:26.000000000
+0200
+++ new/kubeseal-0.31.0/carvel/package.yaml 2025-08-14 16:26:26.000000000
+0200
@@ -1,10 +1,10 @@
apiVersion: data.packaging.carvel.dev/v1alpha1
kind: Package
metadata:
- name: "sealedsecrets.bitnami.com.2.17.2"
+ name: "sealedsecrets.bitnami.com.2.17.3"
spec:
refName: "sealedsecrets.bitnami.com"
- version: "2.17.2"
+ version: "2.17.3"
valuesSchema:
openAPIv3:
title: Chart Values
@@ -424,7 +424,7 @@
spec:
fetch:
- imgpkgBundle:
- image:
ghcr.io/bitnami-labs/sealed-secrets-carvel@sha256:2cf177c3d8a91413e3e04fedf6c355228d0e30797ffb5db7dd7d008c0e28e983
+ image:
ghcr.io/bitnami-labs/sealed-secrets-carvel@sha256:b99f590e72772ebaa83aad35a88f01977a95245049e32a36b48ec21af32de8a7
template:
- helmTemplate:
path: sealed-secrets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/cmd/controller/main.go
new/kubeseal-0.31.0/cmd/controller/main.go
--- old/kubeseal-0.30.0/cmd/controller/main.go 2025-06-12 10:37:26.000000000
+0200
+++ new/kubeseal-0.31.0/cmd/controller/main.go 2025-08-14 16:26:26.000000000
+0200
@@ -51,6 +51,7 @@
fs.BoolVar(&f.OldGCBehavior, "old-gc-behavior", false, "Revert to old
GC behavior where the controller deletes secrets instead of delegating that to
k8s itself.")
fs.BoolVar(&f.UpdateStatus, "update-status", true, "beta: if true, the
controller will update the status sub-resource whenever it processes a sealed
secret")
+ fs.BoolVar(&f.WatchForSecrets, "watch-for-secrets", false, "beta: If
this is true, the controller will watch for key secrets. This is useful if you
create the key secrets externally.")
fs.BoolVar(&f.SkipRecreate, "skip-recreate", false, "if true the
controller will skip listening for managed secret changes to recreate them.
This helps on limited permission environments.")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/cmd/kubeseal/main_test.go
new/kubeseal-0.31.0/cmd/kubeseal/main_test.go
--- old/kubeseal-0.30.0/cmd/kubeseal/main_test.go 2025-06-12
10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/cmd/kubeseal/main_test.go 2025-08-14
16:26:26.000000000 +0200
@@ -22,10 +22,33 @@
_ "k8s.io/client-go/plugin/pkg/client/auth"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
+ clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
certUtil "k8s.io/client-go/util/cert"
"k8s.io/client-go/util/keyutil"
)
+// mockClientConfig implements clientcmd.ClientConfig for testing
+type mockClientConfig struct {
+ namespace string
+ namespaceSet bool
+}
+
+func (m *mockClientConfig) Namespace() (string, bool, error) {
+ return m.namespace, m.namespaceSet, nil
+}
+
+func (m *mockClientConfig) ClientConfig() (*rest.Config, error) {
+ return &rest.Config{}, nil
+}
+
+func (m *mockClientConfig) ConfigAccess() clientcmd.ConfigAccess {
+ return nil
+}
+
+func (m *mockClientConfig) RawConfig() (clientcmdapi.Config, error) {
+ return clientcmdapi.Config{}, nil
+}
+
func TestVersion(t *testing.T) {
buf := bytes.NewBufferString("")
testVersionFlags := flag.NewFlagSet("testVersionFlags",
flag.ExitOnError)
@@ -41,7 +64,7 @@
}
func testClientConfig() clientcmd.ClientConfig {
- return initClient("", testConfigOverrides(), os.Stdin)
+ return &mockClientConfig{namespace: "default", namespaceSet: false}
}
func testConfig(flags *cliFlags) *config {
@@ -53,23 +76,6 @@
}
}
-func initUsualKubectlFlagsForTests(overrides *clientcmd.ConfigOverrides,
flagset *flag.FlagSet) {
- kflags := clientcmd.RecommendedConfigOverrideFlags("")
- clientcmd.BindOverrideFlags(overrides, flagset, kflags)
-}
-
-func testConfigOverrides() *clientcmd.ConfigOverrides {
- flagset := flag.NewFlagSet("test", flag.PanicOnError)
- var overrides clientcmd.ConfigOverrides
- initUsualKubectlFlagsForTests(&overrides, flagset)
- err := flagset.Parse([]string{"-n", "default"})
- if err != nil {
- fmt.Printf("flagset parse err: %v\n", err)
- os.Exit(1)
- }
- return &overrides
-}
-
func TestMainError(t *testing.T) {
badFileName := filepath.Join("this", "file", "cannot", "possibly",
"exist", "can", "it?")
flags := cliFlags{certURL: badFileName}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/go.mod new/kubeseal-0.31.0/go.mod
--- old/kubeseal-0.30.0/go.mod 2025-06-12 10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/go.mod 2025-08-14 16:26:26.000000000 +0200
@@ -9,16 +9,16 @@
github.com/mattn/go-isatty v0.0.20
github.com/mkmik/multierror v0.4.0
github.com/onsi/ginkgo/v2 v2.23.4
- github.com/onsi/gomega v1.37.0
- github.com/prometheus/client_golang v1.22.0
- github.com/spf13/pflag v1.0.6
+ github.com/onsi/gomega v1.38.0
+ github.com/prometheus/client_golang v1.23.0
+ github.com/spf13/pflag v1.0.7
github.com/throttled/throttled v2.2.5+incompatible
- golang.org/x/crypto v0.39.0
+ golang.org/x/crypto v0.41.0
gopkg.in/yaml.v2 v2.4.0
- k8s.io/api v0.33.1
- k8s.io/apimachinery v0.33.1
- k8s.io/client-go v0.33.1
- k8s.io/code-generator v0.33.1
+ k8s.io/api v0.33.3
+ k8s.io/apimachinery v0.33.3
+ k8s.io/client-go v0.33.3
+ k8s.io/code-generator v0.33.3
k8s.io/klog v1.0.0
k8s.io/klog/v2 v2.130.1
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
@@ -54,23 +54,24 @@
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 //
indirect
github.com/pkg/errors v0.9.1 // indirect
- github.com/prometheus/client_model v0.6.1 // indirect
- github.com/prometheus/common v0.62.0 // indirect
- github.com/prometheus/procfs v0.15.1 // indirect
+ github.com/prometheus/client_model v0.6.2 // indirect
+ github.com/prometheus/common v0.65.0 // indirect
+ github.com/prometheus/procfs v0.16.1 // indirect
github.com/shopspring/decimal v1.4.0 // indirect
github.com/spf13/cast v1.7.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
go.uber.org/automaxprocs v1.6.0 // indirect
- golang.org/x/mod v0.25.0 // indirect
- golang.org/x/net v0.40.0 // indirect
- golang.org/x/oauth2 v0.27.0 // indirect
- golang.org/x/sync v0.15.0 // indirect
- golang.org/x/sys v0.33.0 // indirect
- golang.org/x/term v0.32.0 // indirect
- golang.org/x/text v0.26.0 // indirect
+ golang.org/x/mod v0.26.0 // indirect
+ golang.org/x/net v0.42.0 // indirect
+ golang.org/x/oauth2 v0.30.0 // indirect
+ golang.org/x/sync v0.16.0 // indirect
+ golang.org/x/sys v0.35.0 // indirect
+ golang.org/x/term v0.34.0 // indirect
+ golang.org/x/text v0.28.0 // indirect
golang.org/x/time v0.9.0 // indirect
- golang.org/x/tools v0.33.0 // indirect
- google.golang.org/protobuf v1.36.5 // indirect
+ golang.org/x/tools v0.35.0 // indirect
+ golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated //
indirect
+ google.golang.org/protobuf v1.36.6 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/go.sum new/kubeseal-0.31.0/go.sum
--- old/kubeseal-0.30.0/go.sum 2025-06-12 10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/go.sum 2025-08-14 16:26:26.000000000 +0200
@@ -84,30 +84,30 @@
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod
h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/onsi/ginkgo/v2 v2.23.4
h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
github.com/onsi/ginkgo/v2 v2.23.4/go.mod
h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
-github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
-github.com/onsi/gomega v1.37.0/go.mod
h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
+github.com/onsi/gomega v1.38.0 h1:c/WX+w8SLAinvuKKQFh77WEucCnPk4j2OTUr7lt7BeY=
+github.com/onsi/gomega v1.38.0/go.mod
h1:OcXcwId0b9QsE7Y49u+BTrL4IdKOBOKnD6VQNTJEB6o=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod
h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0
h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod
h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/prashantv/gostub v1.1.0
h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
github.com/prashantv/gostub v1.1.0/go.mod
h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
-github.com/prometheus/client_golang v1.22.0
h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
-github.com/prometheus/client_golang v1.22.0/go.mod
h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
-github.com/prometheus/client_model v0.6.1
h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
-github.com/prometheus/client_model v0.6.1/go.mod
h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
-github.com/prometheus/common v0.62.0
h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
-github.com/prometheus/common v0.62.0/go.mod
h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
-github.com/prometheus/procfs v0.15.1
h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
-github.com/prometheus/procfs v0.15.1/go.mod
h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/prometheus/client_golang v1.23.0
h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc=
+github.com/prometheus/client_golang v1.23.0/go.mod
h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE=
+github.com/prometheus/client_model v0.6.2
h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
+github.com/prometheus/client_model v0.6.2/go.mod
h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
+github.com/prometheus/common v0.65.0
h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=
+github.com/prometheus/common v0.65.0/go.mod
h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
+github.com/prometheus/procfs v0.16.1
h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
+github.com/prometheus/procfs v0.16.1/go.mod
h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
github.com/rogpeppe/go-internal v1.13.1
h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
github.com/rogpeppe/go-internal v1.13.1/go.mod
h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
github.com/shopspring/decimal v1.4.0
h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
github.com/shopspring/decimal v1.4.0/go.mod
h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
github.com/spf13/cast v1.7.0/go.mod
h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
-github.com/spf13/pflag v1.0.6/go.mod
h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.7 h1:vN6T9TfwStFPFM5XzjsvmzZkLuaLX+HS+0SeFLRgU6M=
+github.com/spf13/pflag v1.0.7/go.mod
h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stretchr/objx v0.1.0/go.mod
h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
github.com/stretchr/objx v0.5.2/go.mod
h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
@@ -127,51 +127,55 @@
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod
h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
-golang.org/x/crypto v0.39.0/go.mod
h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
+golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
+golang.org/x/crypto v0.41.0/go.mod
h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
-golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
+golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod
h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod
h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
-golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
-golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
-golang.org/x/oauth2 v0.27.0/go.mod
h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
+golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
+golang.org/x/oauth2 v0.30.0/go.mod
h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
-golang.org/x/sync v0.15.0/go.mod
h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
+golang.org/x/sync v0.16.0/go.mod
h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
-golang.org/x/term v0.32.0/go.mod
h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
+golang.org/x/term v0.34.0/go.mod
h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
-golang.org/x/text v0.26.0/go.mod
h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
+golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
+golang.org/x/text v0.28.0/go.mod
h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod
h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod
h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod
h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
-golang.org/x/tools v0.33.0/go.mod
h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
+golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
+golang.org/x/tools v0.35.0/go.mod
h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
+golang.org/x/tools/go/expect v0.1.0-deprecated
h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY=
+golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod
h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY=
+golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated
h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM=
+golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod
h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.36.5
h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
-google.golang.org/protobuf v1.36.5/go.mod
h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.6
h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod
h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod
h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -183,14 +187,14 @@
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.33.1 h1:tA6Cf3bHnLIrUK4IqEgb2v++/GYUtqiu9sRVk3iBXyw=
-k8s.io/api v0.33.1/go.mod h1:87esjTn9DRSRTD4fWMXamiXxJhpOIREjWOSjsW1kEHw=
-k8s.io/apimachinery v0.33.1 h1:mzqXWV8tW9Rw4VeW9rEkqvnxj59k1ezDUl20tFK/oM4=
-k8s.io/apimachinery v0.33.1/go.mod
h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
-k8s.io/client-go v0.33.1 h1:ZZV/Ks2g92cyxWkRRnfUDsnhNn28eFpt26aGc8KbXF4=
-k8s.io/client-go v0.33.1/go.mod h1:JAsUrl1ArO7uRVFWfcj6kOomSlCv+JpvIsp6usAGefA=
-k8s.io/code-generator v0.33.1 h1:ZLzIRdMsh3Myfnx9BaooX6iQry29UJjVfVG+BuS+UMw=
-k8s.io/code-generator v0.33.1/go.mod
h1:HUKT7Ubp6bOgIbbaPIs9lpd2Q02uqkMCMx9/GjDrWpY=
+k8s.io/api v0.33.3 h1:SRd5t//hhkI1buzxb288fy2xvjubstenEKL9K51KBI8=
+k8s.io/api v0.33.3/go.mod h1:01Y/iLUjNBM3TAvypct7DIj0M0NIZc+PzAHCIo0CYGE=
+k8s.io/apimachinery v0.33.3 h1:4ZSrmNa0c/ZpZJhAgRdcsFcZOw1PQU1bALVQ0B3I5LA=
+k8s.io/apimachinery v0.33.3/go.mod
h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
+k8s.io/client-go v0.33.3 h1:M5AfDnKfYmVJif92ngN532gFqakcGi6RvaOF16efrpA=
+k8s.io/client-go v0.33.3/go.mod h1:luqKBQggEf3shbxHY4uVENAxrDISLOarxpTKMiUuujg=
+k8s.io/code-generator v0.33.3 h1:6+34LhYkIuQ/yn/E3qlpVqjQaP8smzCu4NE1A8b0LWs=
+k8s.io/code-generator v0.33.3/go.mod
h1:6Y02+HQJYgNphv9z3wJB5w+sjYDIEBQW7sh62PkufvA=
k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7
h1:2OX19X59HxDprNCVrWi6jb7LW1PoqTlYqEq5H2oetog=
k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7/go.mod
h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/helm/sealed-secrets/Chart.yaml
new/kubeseal-0.31.0/helm/sealed-secrets/Chart.yaml
--- old/kubeseal-0.30.0/helm/sealed-secrets/Chart.yaml 2025-06-12
10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/helm/sealed-secrets/Chart.yaml 2025-08-14
16:26:26.000000000 +0200
@@ -1,7 +1,7 @@
annotations:
category: DeveloperTools
apiVersion: v2
-appVersion: 0.29.0
+appVersion: 0.30.0
description: Helm chart for the sealed-secrets controller.
home: https://github.com/bitnami-labs/sealed-secrets
icon:
https://bitnami.com/assets/stacks/sealed-secrets/img/sealed-secrets-stack-220x234.png
@@ -14,6 +14,6 @@
url: https://github.com/bitnami-labs/sealed-secrets
name: sealed-secrets
type: application
-version: 2.17.2
+version: 2.17.3
sources:
- https://github.com/bitnami-labs/sealed-secrets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/helm/sealed-secrets/README.md
new/kubeseal-0.31.0/helm/sealed-secrets/README.md
--- old/kubeseal-0.30.0/helm/sealed-secrets/README.md 2025-06-12
10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/helm/sealed-secrets/README.md 2025-08-14
16:26:26.000000000 +0200
@@ -86,7 +86,7 @@
| ------------------------------------------------- |
------------------------------------------------------------------------------------------------------------------
| ----------------------------------- |
| `image.registry` | Sealed Secrets image
registry
| `docker.io` |
| `image.repository` | Sealed Secrets image
repository
| `bitnami/sealed-secrets-controller` |
-| `image.tag` | Sealed Secrets image tag
(immutable tags are recommended)
| `0.29.0` |
+| `image.tag` | Sealed Secrets image tag
(immutable tags are recommended)
| `0.30.0` |
| `image.pullPolicy` | Sealed Secrets image
pull policy
| `IfNotPresent` |
| `image.pullSecrets` | Sealed Secrets image
pull secrets
| `[]` |
| `revisionHistoryLimit` | Number of old history to
retain to allow rollback (If not set, default Kubernetes value is set to 10)
| `""` |
@@ -106,6 +106,7 @@
| `logLevel` | Specifies log level of
controller (INFO,ERROR)
| `""` |
| `logFormat` | Specifies log format
(text,json)
| `""` |
| `maxRetries` | Number of maximum
retries
| `""` |
+| `watchForSecrets` | Specifies whether the
Sealed Secrets controller will watch for new secrets
| `false` |
| `command` | Override default
container command
| `[]` |
| `args` | Override default
container args
| `[]` |
| `livenessProbe.enabled` | Enable livenessProbe on
Sealed Secret containers
| `true` |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubeseal-0.30.0/helm/sealed-secrets/templates/deployment.yaml
new/kubeseal-0.31.0/helm/sealed-secrets/templates/deployment.yaml
--- old/kubeseal-0.30.0/helm/sealed-secrets/templates/deployment.yaml
2025-06-12 10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/helm/sealed-secrets/templates/deployment.yaml
2025-08-14 16:26:26.000000000 +0200
@@ -78,7 +78,7 @@
{{- if .Values.skipRecreate }}
- --skip-recreate
{{- end }}
- {{- if .Values.keyrenewperiod }}
+ {{- if ne (.Values.keyrenewperiod | toString) "" }}
- --key-renew-period
- {{ .Values.keyrenewperiod | quote }}
{{- end }}
@@ -149,6 +149,9 @@
- --max-unseal-retries
- {{ .Values.maxRetries | quote }}
{{- end }}
+ {{- if .Values.watchForSecrets }}
+ - --watch-for-secrets
+ {{- end }}
{{- end }}
image: {{ printf "%s/%s:%s" .Values.image.registry
.Values.image.repository .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/helm/sealed-secrets/values.yaml
new/kubeseal-0.31.0/helm/sealed-secrets/values.yaml
--- old/kubeseal-0.30.0/helm/sealed-secrets/values.yaml 2025-06-12
10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/helm/sealed-secrets/values.yaml 2025-08-14
16:26:26.000000000 +0200
@@ -39,7 +39,7 @@
image:
registry: docker.io
repository: bitnami/sealed-secrets-controller
- tag: 0.29.0
+ tag: 0.30.0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -115,6 +115,9 @@
## @param maxRetries Number of maximum retries
##
maxRetries: ""
+## @param watchForSecrets Specifies whether the Sealed Secrets controller will
watch for new secrets
+##
+watchForSecrets: false
## @param command Override default container command
##
command: []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/pkg/controller/keys.go
new/kubeseal-0.31.0/pkg/controller/keys.go
--- old/kubeseal-0.30.0/pkg/controller/keys.go 2025-06-12 10:37:26.000000000
+0200
+++ new/kubeseal-0.31.0/pkg/controller/keys.go 2025-08-14 16:26:26.000000000
+0200
@@ -29,7 +29,7 @@
return crypto.GeneratePrivateKeyAndCert(keySize, validFor, cn)
}
-func readKey(secret v1.Secret) (*rsa.PrivateKey, []*x509.Certificate, error) {
+func readKey(secret *v1.Secret) (*rsa.PrivateKey, []*x509.Certificate, error) {
key, err := keyutil.ParsePrivateKeyPEM(secret.Data[v1.TLSPrivateKeyKey])
if err != nil {
return nil, nil, err
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/pkg/controller/keys_test.go
new/kubeseal-0.31.0/pkg/controller/keys_test.go
--- old/kubeseal-0.30.0/pkg/controller/keys_test.go 2025-06-12
10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/pkg/controller/keys_test.go 2025-08-14
16:26:26.000000000 +0200
@@ -60,7 +60,7 @@
Type: v1.SecretTypeTLS,
}
- key2, cert2, err := readKey(secret)
+ key2, cert2, err := readKey(&secret)
if err != nil {
t.Errorf("readKey() failed with: %v", err)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/pkg/controller/main.go
new/kubeseal-0.31.0/pkg/controller/main.go
--- old/kubeseal-0.30.0/pkg/controller/main.go 2025-06-12 10:37:26.000000000
+0200
+++ new/kubeseal-0.31.0/pkg/controller/main.go 2025-08-14 16:26:26.000000000
+0200
@@ -13,6 +13,8 @@
"syscall"
"time"
+ "k8s.io/apimachinery/pkg/watch"
+
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -57,6 +59,7 @@
PrivateKeyAnnotations string
PrivateKeyLabels string
MaxRetries int
+ WatchForSecrets bool
}
func initKeyPrefix(keyPrefix string) (string, error) {
@@ -85,23 +88,31 @@
keyRegistry := NewKeyRegistry(client, namespace, prefix, label, keysize)
sort.Sort(ssv1alpha1.ByCreationTimestamp(items))
for _, secret := range items {
- key, certs, err := readKey(secret)
+ err = registryNewKeyWithSecret(&secret, keyRegistry,
keyOrderPriority)
if err != nil {
- slog.Error("Error reading key", "secret", secret.Name,
"error", err)
- }
-
- // Select ordering time based on the keyOrderPriority flag
- orderingTime := getKeyOrderPriority(keyOrderPriority, certs[0],
secret)
-
- if err := keyRegistry.registerNewKey(secret.Name, key,
certs[0], orderingTime); err != nil {
return nil, err
}
- slog.Info("registered private key", "secretname", secret.Name)
}
return keyRegistry, nil
}
-func getKeyOrderPriority(keyOrderPriority string, cert *x509.Certificate,
secret v1.Secret) time.Time {
+func registryNewKeyWithSecret(secret *v1.Secret, keyRegistry *KeyRegistry,
keyOrderPriority string) error {
+ key, certs, err := readKey(secret)
+ if err != nil {
+ slog.Error("Error reading key", "secret", secret.Name, "error",
err)
+ }
+
+ // Select ordering time based on the keyOrderPriority flag
+ orderingTime := getKeyOrderPriority(keyOrderPriority, certs[0], secret)
+
+ if err := keyRegistry.registerNewKey(secret.Name, key, certs[0],
orderingTime); err != nil {
+ return err
+ }
+ slog.Info("registered private key", "secretname", secret.Name)
+ return nil
+}
+
+func getKeyOrderPriority(keyOrderPriority string, cert *x509.Certificate,
secret *v1.Secret) time.Time {
switch keyOrderPriority {
case "CertNotBefore":
return cert.NotBefore
@@ -113,6 +124,37 @@
return cert.NotBefore
}
+func watchKeyRegistry(ctx context.Context, client kubernetes.Interface,
keyRegistry *KeyRegistry, namespace, keyOrderPriority string) error {
+ watcher, err := client.CoreV1().Secrets(namespace).Watch(ctx,
metav1.ListOptions{
+ LabelSelector: keySelector.String(),
+ })
+ if err != nil {
+ return err
+ }
+
+ for event := range watcher.ResultChan() {
+ secret := event.Object.(*v1.Secret)
+ if secret == nil {
+ continue
+ }
+
+ switch event.Type {
+ case watch.Added:
+ err = registryNewKeyWithSecret(secret, keyRegistry,
keyOrderPriority)
+ if err != nil {
+ return err
+ }
+ case watch.Modified:
+ case watch.Deleted:
+ case watch.Error:
+ case watch.Bookmark:
+ default:
+ slog.Info("Unexpected watch event", "type", event.Type)
+ }
+ }
+ return nil
+}
+
func myNamespace() string {
if ns := os.Getenv("POD_NAMESPACE"); ns != "" {
return ns
@@ -232,6 +274,13 @@
go controller.Run(stop)
+ if f.WatchForSecrets {
+ go func() {
+ err := watchKeyRegistry(ctx, clientset, keyRegistry,
myNs, f.KeyOrderPriority)
+ slog.Error("Watch fo secrets", "err", err)
+ }()
+ }
+
if f.AdditionalNamespaces != "" {
addNS := removeDuplicates(strings.Split(f.AdditionalNamespaces,
","))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/pkg/controller/metrics.go
new/kubeseal-0.31.0/pkg/controller/metrics.go
--- old/kubeseal-0.30.0/pkg/controller/metrics.go 2025-06-12
10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/pkg/controller/metrics.go 2025-08-14
16:26:26.000000000 +0200
@@ -117,7 +117,7 @@
return
}
for _, condition := range ssecret.Status.Conditions {
- conditionInfo.MetricVec.DeleteLabelValues(ssecret.Namespace,
ssecret.Name, string(condition.Type), labelInstance)
+ conditionInfo.DeleteLabelValues(ssecret.Namespace,
ssecret.Name, string(condition.Type),
ssecret.Labels["app.kubernetes.io/instance"])
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/pkg/controller/metrics_test.go
new/kubeseal-0.31.0/pkg/controller/metrics_test.go
--- old/kubeseal-0.30.0/pkg/controller/metrics_test.go 1970-01-01
01:00:00.000000000 +0100
+++ new/kubeseal-0.31.0/pkg/controller/metrics_test.go 2025-08-14
16:26:26.000000000 +0200
@@ -0,0 +1,232 @@
+package controller
+
+import (
+ "testing"
+
+ ssv1alpha1
"github.com/bitnami-labs/sealed-secrets/pkg/apis/sealedsecrets/v1alpha1"
+ "github.com/prometheus/client_golang/prometheus"
+ dto "github.com/prometheus/client_model/go"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// setupTestMetrics creates a fresh metrics setup for testing
+func setupTestMetrics() *prometheus.Registry {
+ registry := prometheus.NewRegistry()
+
+ // Create a new conditionInfo metric for testing
+ testConditionInfo := prometheus.NewGaugeVec(
+ prometheus.GaugeOpts{
+ Namespace: metricNamespace,
+ Name: "condition_info",
+ Help: "Current SealedSecret condition status.
Values are -1 (false), 0 (unknown or absent), 1 (true)",
+ },
+ []string{labelNamespace, labelName, labelCondition,
labelInstance},
+ )
+
+ registry.MustRegister(testConditionInfo)
+
+ // Replace the global conditionInfo for testing
+ conditionInfo = testConditionInfo
+
+ return registry
+}
+
+func TestObserveCondition(t *testing.T) {
+ registry := setupTestMetrics()
+
+ ssecret := &ssv1alpha1.SealedSecret{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: "test-ns",
+ Name: "test-secret",
+ Labels: map[string]string{
+ "app.kubernetes.io/instance": "test-instance",
+ },
+ },
+ Status: &ssv1alpha1.SealedSecretStatus{
+ Conditions: []ssv1alpha1.SealedSecretCondition{
+ {
+ Type: ssv1alpha1.SealedSecretSynced,
+ Status: corev1.ConditionTrue,
+ },
+ },
+ },
+ }
+
+ ObserveCondition(ssecret)
+
+ // Verify metric was created
+ metricFamilies, err := registry.Gather()
+ if err != nil {
+ t.Fatalf("Failed to gather metrics: %v", err)
+ }
+
+ found := false
+ for _, mf := range metricFamilies {
+ if mf.GetName() == "sealed_secrets_controller_condition_info" {
+ for _, metric := range mf.GetMetric() {
+ labels := metric.GetLabel()
+ if getLabel(labels, "namespace") == "test-ns" &&
+ getLabel(labels, "name") ==
"test-secret" &&
+ getLabel(labels, "condition") ==
"Synced" &&
+ getLabel(labels,
"ss_app_kubernetes_io_instance") == "test-instance" {
+ found = true
+ if metric.GetGauge().GetValue() != 1.0 {
+ t.Errorf("Expected metric value
1.0, got %f", metric.GetGauge().GetValue())
+ }
+ }
+ }
+ }
+ }
+
+ if !found {
+ t.Error("Expected metric not found")
+ }
+}
+
+func TestUnregisterCondition(t *testing.T) {
+ registry := setupTestMetrics()
+
+ ssecret := &ssv1alpha1.SealedSecret{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: "test-ns",
+ Name: "test-secret",
+ Labels: map[string]string{
+ "app.kubernetes.io/instance": "test-instance",
+ },
+ },
+ Status: &ssv1alpha1.SealedSecretStatus{
+ Conditions: []ssv1alpha1.SealedSecretCondition{
+ {
+ Type: ssv1alpha1.SealedSecretSynced,
+ Status: corev1.ConditionTrue,
+ },
+ },
+ },
+ }
+
+ // First observe the condition to create the metric
+ ObserveCondition(ssecret)
+
+ // Verify metric exists
+ metricFamilies, err := registry.Gather()
+ if err != nil {
+ t.Fatalf("Failed to gather metrics: %v", err)
+ }
+
+ metricExists := func() bool {
+ for _, mf := range metricFamilies {
+ if mf.GetName() ==
"sealed_secrets_controller_condition_info" {
+ for _, metric := range mf.GetMetric() {
+ labels := metric.GetLabel()
+ if getLabel(labels, "namespace") ==
"test-ns" &&
+ getLabel(labels, "name") ==
"test-secret" &&
+ getLabel(labels, "condition")
== "Synced" &&
+ getLabel(labels,
"ss_app_kubernetes_io_instance") == "test-instance" {
+ return true
+ }
+ }
+ }
+ }
+ return false
+ }
+
+ if !metricExists() {
+ t.Fatal("Metric should exist before unregistering")
+ }
+
+ // Now unregister the condition
+ UnregisterCondition(ssecret)
+
+ // Verify metric was removed
+ metricFamilies, err = registry.Gather()
+ if err != nil {
+ t.Fatalf("Failed to gather metrics: %v", err)
+ }
+
+ if metricExists() {
+ t.Error("Metric should have been removed after unregistering")
+ }
+}
+
+func TestUnregisterConditionWithNilStatus(t *testing.T) {
+ ssecret := &ssv1alpha1.SealedSecret{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: "test-ns",
+ Name: "test-secret",
+ },
+ Status: nil,
+ }
+
+ // Should not panic
+ UnregisterCondition(ssecret)
+}
+
+func TestObserveConditionWithNilStatus(t *testing.T) {
+ ssecret := &ssv1alpha1.SealedSecret{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: "test-ns",
+ Name: "test-secret",
+ },
+ Status: nil,
+ }
+
+ // Should not panic
+ ObserveCondition(ssecret)
+}
+
+func TestUnregisterConditionWithMissingLabel(t *testing.T) {
+ registry := setupTestMetrics()
+
+ ssecret := &ssv1alpha1.SealedSecret{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: "test-ns",
+ Name: "test-secret",
+ // Missing app.kubernetes.io/instance label
+ },
+ Status: &ssv1alpha1.SealedSecretStatus{
+ Conditions: []ssv1alpha1.SealedSecretCondition{
+ {
+ Type: ssv1alpha1.SealedSecretSynced,
+ Status: corev1.ConditionTrue,
+ },
+ },
+ },
+ }
+
+ // First observe the condition to create the metric (with empty
instance label)
+ ObserveCondition(ssecret)
+
+ // Now unregister the condition - should work with empty instance label
+ UnregisterCondition(ssecret)
+
+ // Verify metric was removed
+ metricFamilies, err := registry.Gather()
+ if err != nil {
+ t.Fatalf("Failed to gather metrics: %v", err)
+ }
+
+ for _, mf := range metricFamilies {
+ if mf.GetName() == "sealed_secrets_controller_condition_info" {
+ for _, metric := range mf.GetMetric() {
+ labels := metric.GetLabel()
+ if getLabel(labels, "namespace") == "test-ns" &&
+ getLabel(labels, "name") ==
"test-secret" &&
+ getLabel(labels, "condition") ==
"Synced" &&
+ getLabel(labels,
"ss_app_kubernetes_io_instance") == "" {
+ t.Error("Metric should have been
removed after unregistering")
+ }
+ }
+ }
+ }
+}
+
+// Helper function to get label value from metric labels
+func getLabel(labels []*dto.LabelPair, name string) string {
+ for _, label := range labels {
+ if label.GetName() == name {
+ return label.GetValue()
+ }
+ }
+ return ""
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/pkg/kubeseal/kubeseal.go
new/kubeseal-0.31.0/pkg/kubeseal/kubeseal.go
--- old/kubeseal-0.30.0/pkg/kubeseal/kubeseal.go 2025-06-12
10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/pkg/kubeseal/kubeseal.go 2025-08-14
16:26:26.000000000 +0200
@@ -252,14 +252,22 @@
secret.Annotations =
ssv1alpha1.UpdateScopeAnnotations(secret.Annotations, scope)
}
- if ssv1alpha1.SecretScope(secret) !=
ssv1alpha1.ClusterWideScope && secret.GetNamespace() == "" {
- ns, _, err := clientConfig.Namespace()
- if clientcmd.IsEmptyConfig(err) {
+ if ssv1alpha1.SecretScope(secret) !=
ssv1alpha1.ClusterWideScope {
+ ns, namespaceSet, err := clientConfig.Namespace()
+ if clientcmd.IsEmptyConfig(err) &&
secret.GetNamespace() == "" {
return fmt.Errorf("input secret has no
namespace and cannot infer the namespace automatically when no kube config is
available")
} else if err != nil {
return err
}
- secret.SetNamespace(ns)
+
+ // Check for namespace mismatch when namespace is
explicitly set via command line
+ if namespaceSet && secret.GetNamespace() != "" &&
secret.GetNamespace() != ns {
+ return fmt.Errorf("namespace mismatch: input
secret is in namespace %q but %q was specified", secret.GetNamespace(), ns)
+ }
+
+ if secret.GetNamespace() == "" {
+ secret.SetNamespace(ns)
+ }
}
// Strip read-only server-side ObjectMeta (if present)
@@ -278,7 +286,7 @@
if err = sealedSecretOutput(out, outputFormat, codecs,
ssecret); err != nil {
return err
}
- //return nil
+ // return nil
}
return nil
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/pkg/kubeseal/kubeseal_test.go
new/kubeseal-0.31.0/pkg/kubeseal/kubeseal_test.go
--- old/kubeseal-0.30.0/pkg/kubeseal/kubeseal_test.go 2025-06-12
10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/pkg/kubeseal/kubeseal_test.go 2025-08-14
16:26:26.000000000 +0200
@@ -19,19 +19,18 @@
"testing"
"time"
- "k8s.io/apimachinery/pkg/util/yaml"
- "k8s.io/utils/strings/slices"
-
- flag "github.com/spf13/pflag"
-
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/util/yaml"
"k8s.io/client-go/kubernetes/scheme"
+ "k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
+ clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
"k8s.io/client-go/util/keyutil"
+ "k8s.io/utils/strings/slices"
ssv1alpha1
"github.com/bitnami-labs/sealed-secrets/pkg/apis/sealedsecrets/v1alpha1"
"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
@@ -113,36 +112,12 @@
/* repeated from main here... STARTs */
-func initClient(kubeConfigPath string, cfgOverrides
*clientcmd.ConfigOverrides, r io.Reader) clientcmd.ClientConfig {
- loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
- loadingRules.DefaultClientConfig = &clientcmd.DefaultClientConfig
- loadingRules.ExplicitPath = kubeConfigPath
- return
clientcmd.NewInteractiveDeferredLoadingClientConfig(loadingRules, cfgOverrides,
r)
-}
-
func testClientConfig() clientcmd.ClientConfig {
- return initClient("", testConfigOverrides(), os.Stdin)
+ return &mockClientConfig{namespace: "testns", namespaceSet: false}
}
/* repeated from main here... ENDs */
-func initUsualKubectlFlagsForTests(overrides *clientcmd.ConfigOverrides,
flagset *flag.FlagSet) {
- kflags := clientcmd.RecommendedConfigOverrideFlags("")
- clientcmd.BindOverrideFlags(overrides, flagset, kflags)
-}
-
-func testConfigOverrides() *clientcmd.ConfigOverrides {
- flagset := flag.NewFlagSet("test", flag.PanicOnError)
- var overrides clientcmd.ConfigOverrides
- initUsualKubectlFlagsForTests(&overrides, flagset)
- err := flagset.Parse([]string{"-n", "default"})
- if err != nil {
- fmt.Printf("flagset parse err: %v\n", err)
- os.Exit(1)
- }
- return &overrides
-}
-
func TestOpenCertFile(t *testing.T) {
ctx := context.Background()
clientConfig := testClientConfig()
@@ -212,7 +187,7 @@
s2 := mkTestSecret(t, "bar", "2", withSecretName("s2"),
asYAML(tc.asYaml))
multiDocYaml := fmt.Sprintf("%s%s%s", s1,
tc.inputSeparator, s2)
- clientConfig := testClientConfig()
+ clientConfig := &mockClientConfig{namespace: "testns",
namespaceSet: false}
outputFormat := tc.outputFormat
inbuf := bytes.Buffer{}
_, err =
bytes.NewBuffer([]byte(multiDocYaml)).WriteTo(&inbuf)
@@ -432,7 +407,11 @@
for i, tc := range testCases {
t.Run(fmt.Sprint(i), func(t *testing.T) {
- clientConfig := testClientConfig()
+ clientConfig := &mockClientConfig{namespace: "testns",
namespaceSet: false}
+ // For test cases where the secret has no namespace and
we expect it to be filled with "default"
+ if tc.secret.GetNamespace() == "" &&
tc.want.GetNamespace() == "default" {
+ clientConfig = &mockClientConfig{namespace:
"default", namespaceSet: true}
+ }
outputFormat := "json"
info, ok :=
runtime.SerializerInfoForMediaType(scheme.Codecs.SupportedMediaTypes(),
runtime.ContentTypeJSON)
if !ok {
@@ -553,7 +532,7 @@
}
func mkTestSealedSecret(t *testing.T, pubKey *rsa.PublicKey, key, value
string, opts ...mkTestSecretOpt) []byte {
- clientConfig := testClientConfig()
+ clientConfig := &mockClientConfig{namespace: "testns", namespaceSet:
false}
outputFormat := "json"
inbuf := bytes.NewBuffer(mkTestSecret(t, key, value, opts...))
var outbuf bytes.Buffer
@@ -687,7 +666,7 @@
}
func TestMergeInto(t *testing.T) {
- clientConfig := testClientConfig()
+ clientConfig := &mockClientConfig{namespace: "testns", namespaceSet:
false}
outputFormat := "json"
pubKey, privKeys := newTestKeyPair(t)
@@ -1011,3 +990,138 @@
t.Errorf("got: %q, want: %q", got, want)
}
}
+
+func TestNamespaceMismatchValidation(t *testing.T) {
+ key, err := ParseKey(strings.NewReader(testCert))
+ if err != nil {
+ t.Fatalf("Failed to parse test key: %v", err)
+ }
+
+ testCases := []struct {
+ name string
+ secret v1.Secret
+ configNamespace string
+ namespaceSet bool
+ expectedError string
+ }{
+ {
+ name: "namespace mismatch should fail",
+ secret: v1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "mysecret",
+ Namespace: "secretns",
+ },
+ Data: map[string][]byte{
+ "foo": []byte("sekret"),
+ },
+ },
+ configNamespace: "flagns",
+ namespaceSet: true,
+ expectedError: "namespace mismatch: input secret is
in namespace \"secretns\" but \"flagns\" was specified",
+ },
+ {
+ name: "matching namespaces should succeed",
+ secret: v1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "mysecret",
+ Namespace: "samens",
+ },
+ Data: map[string][]byte{
+ "foo": []byte("sekret"),
+ },
+ },
+ configNamespace: "samens",
+ namespaceSet: true,
+ expectedError: "",
+ },
+ {
+ name: "no namespace flag set should succeed",
+ secret: v1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "mysecret",
+ Namespace: "secretns",
+ },
+ Data: map[string][]byte{
+ "foo": []byte("sekret"),
+ },
+ },
+ configNamespace: "flagns",
+ namespaceSet: false,
+ expectedError: "",
+ },
+ {
+ name: "empty secret namespace with flag set should
succeed",
+ secret: v1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "mysecret",
+ Namespace: "",
+ },
+ Data: map[string][]byte{
+ "foo": []byte("sekret"),
+ },
+ },
+ configNamespace: "flagns",
+ namespaceSet: true,
+ expectedError: "",
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ // Create a mock client config that returns the test
namespace
+ mockClientConfig := &mockClientConfig{
+ namespace: tc.configNamespace,
+ namespaceSet: tc.namespaceSet,
+ }
+
+ outputFormat := "json"
+ info, ok :=
runtime.SerializerInfoForMediaType(scheme.Codecs.SupportedMediaTypes(),
runtime.ContentTypeJSON)
+ if !ok {
+ t.Fatalf("binary can't serialize JSON")
+ }
+ enc := scheme.Codecs.EncoderForVersion(info.Serializer,
v1.SchemeGroupVersion)
+ inbuf := bytes.Buffer{}
+ if err := enc.Encode(&tc.secret, &inbuf); err != nil {
+ t.Fatalf("Error encoding: %v", err)
+ }
+
+ outbuf := bytes.Buffer{}
+ err := Seal(mockClientConfig, outputFormat, &inbuf,
&outbuf, scheme.Codecs, key, ssv1alpha1.DefaultScope, false, "", "")
+
+ if tc.expectedError != "" {
+ if err == nil {
+ t.Fatalf("Expected error %q but got
nil", tc.expectedError)
+ }
+ if got, want := err.Error(), tc.expectedError;
got != want {
+ t.Errorf("got error: %q, want: %q",
got, want)
+ }
+ } else {
+ if err != nil {
+ t.Fatalf("Unexpected error: %v", err)
+ }
+ }
+ })
+ }
+}
+
+// mockClientConfig implements clientcmd.ClientConfig for testing
+type mockClientConfig struct {
+ namespace string
+ namespaceSet bool
+}
+
+func (m *mockClientConfig) Namespace() (string, bool, error) {
+ return m.namespace, m.namespaceSet, nil
+}
+
+func (m *mockClientConfig) ClientConfig() (*rest.Config, error) {
+ return &rest.Config{}, nil
+}
+
+func (m *mockClientConfig) ConfigAccess() clientcmd.ConfigAccess {
+ return nil
+}
+
+func (m *mockClientConfig) RawConfig() (clientcmdapi.Config, error) {
+ return clientcmdapi.Config{}, nil
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeseal-0.30.0/versions.env
new/kubeseal-0.31.0/versions.env
--- old/kubeseal-0.30.0/versions.env 2025-06-12 10:37:26.000000000 +0200
+++ new/kubeseal-0.31.0/versions.env 2025-08-14 16:26:26.000000000 +0200
@@ -1,2 +1,2 @@
-GO_VERSION=1.24.4
+GO_VERSION=1.24.6
GO_VERSION_LIST="[\"$GO_VERSION\"]"
++++++ kubeseal.obsinfo ++++++
--- /var/tmp/diff_new_pack.wf3Pbe/_old 2025-08-21 16:57:00.668151988 +0200
+++ /var/tmp/diff_new_pack.wf3Pbe/_new 2025-08-21 16:57:00.672152154 +0200
@@ -1,5 +1,5 @@
name: kubeseal
-version: 0.30.0
-mtime: 1749717446
-commit: 6e0beae85afcd1e981b4b56f22399ded6cbe6a88
+version: 0.31.0
+mtime: 1755181586
+commit: 443107a1fd256cb9e2ff3a3290aa79d722f840ee
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/kubeseal/vendor.tar.gz
/work/SRC/openSUSE:Factory/.kubeseal.new.29662/vendor.tar.gz differ: char 38,
line 1
